Overview

overview

10

Static

static

10

a5663a1281...96.exe

windows7-x64

10

a5663a1281...96.exe

windows10-2004-x64

10

out.exe

windows7-x64

3

out.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a5663a1281ae0cb8fc8e858f00b3a5b6cc6084626ec9d07a2d2e226d5df4fb96

  • Size

    360KB

  • Sample

    241104-vaz6xssnfz

  • MD5

    d18e67d2a58494b2c71b89cacffb2194

  • SHA1

    c1ad5621e0c215a31d10f181c0e9ab3871dcf64d

  • SHA256

    a5663a1281ae0cb8fc8e858f00b3a5b6cc6084626ec9d07a2d2e226d5df4fb96

  • SHA512

    b2c1f6330558d77dd87f81470e0fe9c1b9d1849f621be829c67fe8d52e7d2c2304ca68f0a97e0a5cc409f16d0458cf051739fdd43e78c0b453a9ad466723a7b1

  • SSDEEP

    6144:0sNDYMXrZmzkIZxXn+cAhokJ8zlSOC0b4RHHrpncsZzw1RXE2BYrMEhh3WnM/t9L:0CLNbInn+cw8NNiH9ncsNw1DBYZwnat0

Score
10/10
xoristdiscoverypersistenceransomwarespywarestealerupx

Malware Config

Targets

    • Target

      a5663a1281ae0cb8fc8e858f00b3a5b6cc6084626ec9d07a2d2e226d5df4fb96

    • Size

      360KB

    • MD5

      d18e67d2a58494b2c71b89cacffb2194

    • SHA1

      c1ad5621e0c215a31d10f181c0e9ab3871dcf64d

    • SHA256

      a5663a1281ae0cb8fc8e858f00b3a5b6cc6084626ec9d07a2d2e226d5df4fb96

    • SHA512

      b2c1f6330558d77dd87f81470e0fe9c1b9d1849f621be829c67fe8d52e7d2c2304ca68f0a97e0a5cc409f16d0458cf051739fdd43e78c0b453a9ad466723a7b1

    • SSDEEP

      6144:0sNDYMXrZmzkIZxXn+cAhokJ8zlSOC0b4RHHrpncsZzw1RXE2BYrMEhh3WnM/t9L:0CLNbInn+cw8NNiH9ncsNw1DBYZwnat0

    Score
    10/10
    xoristpersistenceransomwarespywarestealerupxdiscovery

    • Detected Xorist Ransomware

    • Xorist Ransomware

      Xorist is a ransomware first seen in 2020.

      ransomwarexorist

    • Xorist family

      xorist

    • Drops file in Drivers directory

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      out.upx

    • Size

      1.0MB

    • MD5

      9a139e58fa519cce8e76c55a3448c22a

    • SHA1

      67912c204b2a974a3606545fb12291cab2585ed1

    • SHA256

      966c53dab8a702adc2f64764e1e11131114f4029dc9754858900a68f2b1f54af

    • SHA512

      876bf7b0cde6441ead47622023ce469b8a9b4b3fb7f3ab8587f531b43230b0154ed9c28ec7b6ee3c2617572b289e083045e14c7f2c1098e1144504a85069833d

    • SSDEEP

      12288:bnat91RqTfleEcqyvTszMbQw+WL/k6ewli/K:jaVRqLl5cHbu4L/jlJ

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks